Method, device and server for managing user login sessions

ABSTRACT

The present disclosure provides a method, device and server for managing user login sessions. A session cache list is queried, using a user ID and after a user has successfully logged in with the user ID via the login medium, whether a login session queue corresponding to the user ID exists in the session cache list. If the login session queue exists in the session cache list, a user login status is managed through the login session queue. If the login session queue corresponding to the user ID is absent from the session cache list, a session ID corresponding to the user&#39;s login is stored in a login session queue corresponding to the user ID in the session cache list. A legitimate user is able to effectively manage each login created with the user&#39;s user ID through the login session queue, and to prevent any login sessions created when the user ID is used to log in from being beyond the legitimate user&#39;s control.

CROSS REFERENCE TO RELATED APPLICATION

This application claims the benefit of Chinese Patent Application No.201510229467.8, entitled “Method of User Login Session Management,Apparatus Thereof and Server”, filed May 7, 2015, which is herebyincorporated by reference herein in its entirety.

TECHNICAL FIELD

The present disclosure relates to the technical field of Internettechnology, and particularly to a method, device and server for managinguser login sessions.

BACKGROUND

In the prior art, a legitimate user can log into a website through acomputing device using the user's username and password. An illegitimateuser may steal the user's password when the user logs into a website viaa PC, and the illegitimate user may keep the legitimate user's loginsession on the computing device active by periodically refreshing theweb page, which refreshes a login timestamp. The login session can bekept active by refreshing the webpage to refresh the login timestamp.The login session may be kept open by the illegitimate user even if thelegitimate user changes the login password. The illegitimate user canstill refresh the login session timestamp by refreshing the page to keepthe login session, and login status, active despite the legitimateuser's password change. The illegitimate user can keep the loginsession, and status, active without the legitimate user's knowledge orpermission.

SUMMARY

It would be beneficial to provide control over a legitimate user's loginstatus. Embodiments of the present disclosure seek to address failingsin the art and to provide a capability to effectively manage the loginstatus of a legitimate user's login session(s). In accordance with oneor more embodiments of the present disclosure, each login sessioncreated by logging in using a legitimate user's user identifier (UID)can be effectively managed using a login session queue. Furthermore,each login session that has been started by logging in using thelegitimate user's UID can remain under the control of the legitimateuser, thus avoiding any login security issues for the legitimate user inconnection with the user's UID.

According to an aspect of the present disclosure, a method for managinguser login sessions using a server is provided. The method comprisesquerying, using a server computing device and a user ID (UID), to detectwhether a login session queue corresponding to the user ID exists in asession cache list, the querying being performed after a successfullogin of the user with the user ID via a login medium; managing, usingthe server computing device, the user's login status through the loginsession queue, if the querying detects that the login session queuecorresponding to the user ID exists in the session cache list; andstoring, using the server computing device, a session ID in a loginsession queue corresponding to the UID in the session cache list if thequerying detects an absence of the login session queue corresponding tothe user ID in the session cache list.

According to another aspect of the present disclosure, a servercomputing device for managing user login sessions is provided. Theserver computing device comprising a query module querying, using a userID, to detect whether a login session queue corresponding to the user IDexists in a session cache list, the querying being performed after asuccessful login of the user with the user ID via a login medium; amanaging module managing the user's login status through the loginsession queue, if the query module detects that the login session queuecorresponding to the user ID exists in the session cache list; and afirst storage module storing a session ID in a login session queuecorresponding to the UID in the session cache list if the query moduledetects an absence of the login session queue corresponding to the userID in the session cache list.

According to yet another aspect of the present disclosure a server isprovided. The server comprising a processor a storage medium fortangibly storing thereon program logic for execution by the processor,the stored program logic comprising: querying logic executed by theprocessor for querying, using a user ID, to detect whether a loginsession queue corresponding to the user ID exists in a session cachelist, the querying being performed after a successful login of the userwith the user ID via a login medium; managing logic executed by theprocessor for managing the user's login status through the login sessionqueue, if the querying detects that the login session queuecorresponding to the user ID exists in the session cache list; andstoring logic executed by the processor for storing a session ID in alogin session queue corresponding to the UID in the session cache listif the querying detects an absence of the login session queuecorresponding to the user ID in the session cache list.

It is thus clear from the above technical scheme that embodiments of thepresent disclosure queries, according to the UID, whether there is anyexisting login session queue corresponding to the UID in the sessioncache list; if any, the user login status is managed through the loginsession queue, so that the login status created with a UID can beeffectively managed by the legitimate user through the login sessionqueue, and thus any security issues can be prevented for the legitimateuser under the circumstance that the login status created with a UID isbeyond the legitimate user's control.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow diagram of the method for managing user login sessionsaccording to one exemplary embodiment of the present disclosure;

FIG. 2 is a flow diagram of the method for managing user login sessionsaccording to another exemplary embodiment of the present disclosure;

FIG. 3 is a flow diagram of the method for managing user login sessionsaccording to yet another exemplary embodiment of the present disclosure;

FIG. 4A is a flow diagram of the method for managing user login sessionsaccording to yet another exemplary embodiment of the present disclosure;

FIG. 4B is a flow diagram of a means of realization in accordance withstep 402 in the embodiment as shown in FIG. 4A;

FIG. 5 is a scene graph of the user login session management accordingto an exemplary embodiment of the present disclosure;

FIG. 6 illustrates a schematic view of the structure of a serveraccording to an exemplary embodiment of the present disclosure;

FIG. 7 illustrates a schematic view of the structure of a device formanaging user login sessions according to one exemplary embodiment ofthe present disclosure;

FIG. 8 illustrates a schematic view of the structure of a device formanaging user login sessions according to another exemplary embodimentof the present disclosure;

FIG. 9 illustrates a schematic view of the structure of a device formanaging user login sessions according to yet another exemplaryembodiment of the present disclosure;

FIG. 10 illustrates a schematic view of the structure of a device formanaging user login sessions according to yet another exemplaryembodiment of the present disclosure;

DETAILED DESCRIPTION

A detailed description of the exemplary embodiments is disclosed hereinwith examples shown in the Figures. In the following description and inconnection with the Figures, unless otherwise specified, the same numberin different Figures represents the same or similar element. Thefollowing exemplary embodiments do not represent all the embodiments ofthe present disclosure. On the contrary, the embodiments are intended tobe exemplary and to provide examples of a device and methodcorresponding to some aspects of the present disclosure as described inthe Claims.

The terms used in the present disclosure are only for the purpose ofdescribing specified embodiments, instead of limiting the presentdisclosure. The singular form “a”, “the” and “said” in the presentdisclosure and the appended Claims are to be construed to include theplural form, unless otherwise clearly indicated in the context. Inaddition, the term “and/or” used herein represents and includes anycombination or all the possible combinations of one or a plurality ofassociated listed items.

It should be understood that although the terms such as “first”,“second” and “third' may be used herein to describe all kinds ofinformation, the information shall not be limited to the connotation ofthese terms. These terms are only used to distinguish the information ofthe same type among each other. For example, without departing from thescope of the present disclosure, a first information can be called asecond information, and similarly a second information can be called afirst information. It is determined by the context, e.g., the word “if”used herein can be interpreted as “when”, “while” or “in response to thedetermination”.

In accordance with one or more embodiments, when a user browses awebsite, a login session is a process which can be begin with the usersuccessfully logging in and can end with the user logging off or with asession expiration, the latter of which can be due to a login timeout.During the process, an SID identifying a login session corresponding tothe user's login can be generated, and the SID can be used to track thelogin session corresponding to the user's login.

The present disclosure queries, using the user's UID and after the userhas successfully logged in with the UID through a login medium, whetherthere is any existing login session queue corresponding to the UID inthe session cache list. If there is a login session queue correspondingto the user's UID in the session cache list, the user's login status ismanaged using the login session queue. In so doing, the status of alegitimate user's login with the user's UID can be effectively managedby the legitimate user through the login session queue, and thus anysecurity issues can be prevented for the legitimate user, including thecircumstance in which the status of the user's login with the user's UIDwould otherwise be beyond the legitimate user's control.

In order to further describe the present disclosure, the followingembodiments are herein provided.

FIG. 1 is illustrative of a flow diagram of a method for managing userlogin sessions in accordance with an exemplary embodiment of the presentdisclosure.

In step 101, the session cache list is queried using the user's UIDafter the user has successfully logged in with the UID via a loginmedium to detect whether there is any existing login session queuecorresponding to the UID in the session cache list. If a login sessionqueue is detected in the session cache list, step 102 is executed. If alogin session queue is not detected in the session cache list, step 103is executed.

Examples of login mediums, in accordance with at least one embodiment,include a PC, a mobile phone, or a tablet, etc. In one embodiment, theUID can be the user's username used to log in to a website. For example,hanmei2015 is the UID registered by Han Mei on the AAA portal site, andHan Mei can log into the AAA portal site with the UID. In oneembodiment, Han Mei can log into the AAA portal site through a PCbrowser, as well as a mobile phone browser.

In one embodiment, the session cache list can be implemented through ahigh-performance TAIR cache, so as to store the user login session fromthe user's perspective. In one embodiment, when the user logs into theAAA portal site, an SID can be created for this login and a mappingrelationship between the UID and the SID can be established and storedin the session cache list in a login session queue corresponding to theUID. In one embodiment, a UID corresponds to a login session queue, inwhich the corresponding login medium (e.g., a PC, a mobile phone, atablet, etc.), IP address, time and browser information (e.g., browsername, version number, etc.) of each login to the AAA portal site withthe UID can be recorded; if the storage capacity of the login sessionqueue is adequate, the login session queue can record all the loginhistory about when and through what login medium the user logged intothe AAA portal site with the UID.

In step 102, which is performed if the querying performed in step 101detects a login session queue corresponding to the UID in the sessioncache list, the user's login status is managed using the login sessionqueue corresponding to the UID detected the session cache list, and theprocess ends.

In one embodiment, management of the login session queue can beimplemented by determining whether the size of the login session queueexceeds a predetermined threshold. In another embodiment, management ofthe login session queue can be implemented by determining whether thestorage duration of each SID in the login session queue exceeds apredetermined storage cycle. In yet another embodiment, each currentlyactive login session in the login session queue can also be managedbased on the login permission settings set by the user.

For example, Han Mei personally logs into the AAA portal site with theUID hanmei2015 and this is not the first time that the hanmei2015 UIDhas been used by Han Mei to log in to the AAA portal site. A loginsession queue corresponding to the hanmei2015 UID exists in the sessioncache list, and the current login session and a login session history ofother logins to the AAA portal site with the hanmei2015 UID can bestored in the login session queue. Han Mei logs into the AAA portal sitewith the hanmei2015 UID on a public computer but forgets to log out. Anillegitimate user Li Ming continues the login session, which began withHan Mei logging in to the AAA portal site with Han Mei's UID on thepublic computer. As discussed herein, Li Ming can continue the loginsession by performing a web page refresh, for example.

After Han Mei is home and logs in to the AAA portal site with thehanmei2015 UID again, Han Mei can manage the login status of a loginsession, including the one currently being kept active by Li Ming on thepublic computer, through the login session queue corresponding to thehanmei2015 UID. If the login session queue indicates that Han Meiremains logged in to the AAA portal site with the hanmei2015 UID on thepublic computer, Han Mei can log out of the AAA portal site on thepublic computer, which results in the illegitimate user Li Ming beingprevented from continuing to use Han Mei's login session into the AAAportal site. Therefore, each login session created using the UIDhanmei2015 can be effectively managed by Han Mei using the login sessionqueue, and thus any security issues can be eliminated, including thesecurity issues associated with Han Mei's login session created with thehanmei2015 UID, which login session's status would otherwise be beyondher control.

In step 103, which is performed if the querying performed in step 101detects an absence of a login session queue corresponding to the UID inthe session cache list, the SID corresponding to the current login ofthe user is stored in a login session queue in the session cache list,and the process ends.

For example, Han Mei logs in to the AAA portal site with the hanmei2015UID for the first time, which is the first UID that Han Mei uses. As aresult, an SID is created for the login session associated with HanMei's login with the hanmei2015 UID, and the SID is stored in a loginsession queue. As discussed in connection with step 102, for example,the login session queue can be used to manage the login status of eachlogin session associated with a login using the hanmei2015 UID.

At least one embodiment provided herein queries, using a UID, whetherthere is any existing login session queue corresponding to the UID inthe session cache list and manages the user login status through thelogin session queue if an existing login session queue is detected. Theat least one embodiment enables legitimate users to effectively manage,through the login session queue, the login status of each login sessioncreated by the user logging in with the UID. Furthermore and inaccordance with at least one embodiment, any security issues can beprevented or eliminated for a legitimate user, even in a case that alogin session created with the UID would otherwise be beyond thelegitimate user's control.

In order to effectively manage each login status of each login sessionof each user of a large number of users in connection with a number ofdifferent major websites, a large storage capacity is needed. In orderto reasonably store a login session queue corresponding to each UID forwhich the login status is being managed using a login session queue,embodiments of the present disclosure solve the problem of storagecapacity of the session cache list. FIGS. 2 and 3 illustrate a storagecapacity management of a login session queue in accordance with one ormore embodiments of the present disclosure.

FIG. 2 provides a flow diagram illustrating a method for managing userlogin sessions in accordance with at least one exemplary embodiment ofthe present disclosure. In accordance with the at least one exemplaryembodiment, storage capacity of a login session queue can be managed bydeleting an SID in the login session queue. The method in the exampleshown in FIG. 2 comprises steps 201-204.

In step 201, a determination is made whether a size of a login sessionqueue exceeds a predetermined threshold. If the login session queue'ssize exceeds the predetermined threshold, processing continues in step202. If the login session queue's size does not exceed the predeterminedthreshold, processing continues in step 204.

For example, in response to use of Han Mei's hanmei2015 UID in a seriesof login actions on the AAA portal site, an SID corresponding to eachlogin session is created to record the login actions involving Han Mei'shanmei2015 UID. In order to ensure that there is adequate storagecapacity for Han Mei's login session queue, the threshold correspondingto the size of Han Mei's login session queue can be set to a value, suchas and without limitation a value of 50, so that Han Mei's login sessionqueue can record Han Mei's login status on the AAA portal site inconnection with 50 logins using the hanmei2015 UID.

In one embodiment, the predetermined threshold used in accordance withat least one embodiment of the present disclosure can be reasonablydetermined based on various factors, such as and including user loginfrequency, a user rating (e.g., a login rating represented by stars,i.e., one-star, two-star, etc.), a user type (e.g., enterprise user andindividual user) and a storage capacity of the cache list. For example,an average login frequency of user A is once every day, and an averagelogin frequency of user B is ten times every day. A login rating of userA is five-star (high rating), and a login rating of user B is one-star.A user type of user A is an enterprise user, and a user type of user Bis individual user. In such a scenario, the corresponding thresholdsettings of user A and user B are likely to be different, and when thefactors to which user A and user B correspond respectively change, therespective threshold settings can be adjusted to flexibly manage eachuser's login status.

In step 202, each invalid login session in the login session queue isidentified and each login session identified as being invalid is deletedfrom the login session queue, if the size of the login session queueexceeds the predetermined threshold. Each invalid login session deletedfrom the login session queue in step 203 is stored in a first database.In one embodiment, by storing the invalid login sessions in the firstdatabase, the user can query the login status history of his/her own UIDon any login medium (e.g., a PC) in the first database when the userwishes to do so. Processing ends in step 203.

In one embodiment, an invalid login session in the login session queuecan be determined according to preset conditions. For example, if auser's invalid login sessions are determined by the user's login time,the oldest login sessions can be deleted. As yet another example, auser's invalid login sessions can be determined by a predetermined loginmedium set by the user. For example, Han Mei logs into the AAA portalsite with the hanmei2015 UID, and her favorite login medium is a PC.Therefore, Han Mei can set a predetermined login medium to be the PC andindicate that any login sessions with the hanmei2015 UID generated usinga mobile device are to be deleted.

In step 204, the SID corresponding to a specific login is stored in thelogin session queue, if the predetermined threshold has not beenexceeded, and the process ends.

In this embodiment, by comparing the size of the login session queue andthe predetermined threshold, when the size of the login session queueexceeds the predetermined threshold, any invalid login sessions aredeleted from the login session queue, so as to promptly clear theinvalid login sessions in the login session queue and reduce the storagespace of the session cache list by the space occupied by the invalidlogin session(s).

FIG. 3 provides a flow diagram illustrating a method for managing userlogin sessions in yet another exemplary embodiment of the presentdisclosure. In accordance with at least one exemplary embodiment,storage capacity of a login session queue can be controlled by deletingan SID in the login session queue using a storage cycle. The method inthe example shown in FIG. 3 comprises steps 301-305.

In step 301, a storage duration of each SID in the login session queueis determined. In one embodiment, if the storage cycle is, for example,set to be 1 month, each SID in the login session queue with a storageduration exceeding 1 month is regarded as an invalid login session.

In step 302 each SID in the login session queue that has a storageduration not exceeding the storage cycle is considered to be an activeSID in the login session queue. In step 303, each SID identified asbeing active in step 302 is stored in a second database.

In steps 302 and 303, by storing the active SID in the second database,when the user wishes to perform a password change, the user's active SIDcan be obtained from the second database. Each of the active loginsessions that is to be deleted in accordance with the user's loginpermission settings can be deleted, and each active login session thatis permitted by the login permission settings can be maintained. Theuser is able to maintain a plurality of login sessions with the same UIDon the same login medium (e.g., a PC) in accordance with the loginpermission settings in a Browser/Server mode (B/S mode). The user isalso able to permit only one login with the same UID via the same loginmedium. The user is able to flexibly manage the login status of his/herUID.

In step 304, each login session in the login session queue exceeding thestorage cycle is determined to be an invalid login session in the loginsession queue. In step 305, each invalid login session is stored in thefirst database.

In steps 304 and 305, by storing the invalid login session in the firstdatabase, regarded as a security information platform, when it isdesirable to ascertain the login status of all of the user's loginsession, the user's invalid login sessions can be obtained from thefirst database. Furthermore and when it is desirable to penalize anillegitimate user, any UIDs of the illegitimate user can be taken back,so that the illegitimate user's UIDs can no longer be used by theillegitimate user, and the login status of the illegitimate user can berevoked.

In the exemplary embodiment of FIG. 3, by comparing the storage durationof each SID in the login session queue with the predetermined storagecycle, when the storage duration of the login session queue exceeds thepredetermined storage cycle, each SID having a storage durationexceeding the predetermined storage cycle can be deleted from the loginsession queue, so as to promptly clear the invalid login sessions in thelogin session queue and reduce the storage space occupied by the invalidlogin sessions.

In accordance with one or more embodiments of the present disclosure,the embodiments shown in FIGS. 2 and 3 can be combined, so that all of auser's login sessions can be stored. By deleting stored SIDs inaccordance with the methods shown in FIGS. 2 and 3, the storage capacityof the cache list can be maintained within a certain range. For example,if the number of active users of the AAA portal site each day is50,000,000, then for the AAA portal site, the required storage capacityof the server is: (50,000,000 users) * (the login times per day peruser) * (the storage space every login session occupies), which meansthat a storage capacity of at least 1024G is required. In the embodimentof the present disclosure, the storage capacity of the session cachelist can be reduced and the management of all the user logins of the AAAportal site can be implemented by the prompt deletion of SIDs in thelogin session queue.

In the prior art, the security management of a user's login status isundertaken in the Client/Server mode (C/S mode). For example, theinstant messaging tool QQ only allows one login for a login medium(e.g., a PC), and other logins from the same medium (i.e., other PCs)would be forced offline; the same UID cannot be flexibly used tosimultaneously perform a plurality of logins and remain online via thesame login medium. Embodiments of the present disclosure are based onthe B/S mode, in which the same UID can be used for a plurality oflogins via the same login medium based on the user's login permissionsettings. Please refer to the exemplary embodiments shown in FIGS. 4Aand 4B.

FIG. 4A provides flow diagram illustrating a method for managing userlogin sessions according to yet another exemplary embodiment of thepresent disclosure. The exemplary embodiment shown in FIG. 4A comprisessteps 401 and 402.

In step 401, the user's login permission settings are determined afterdetermining that the user is performing a password change via thecurrent login medium. In one embodiment, Han Mei's login permissionsettings can be set according to her actual login preference. Forexample, Han Mei can set simultaneous logins in the office and at homeas permitted through the IP address, as well as simultaneous logins ontwo mobile phones based on the login medium, and so on. Those skilled inthe art can well understand that the foregoing login location, loginmedium and corresponding numbers are only for exemplary descriptivepurposes. Han Mei can set login permission according to login medium(e.g., a PC, a mobile phone, a tablet, etc.), IP address, time andbrowser information (e.g., browser name, version number, etc.) to berecorded in the login session queue, so that Han Mei can havepersonalized login permission settings.

In step 402, the active login sessions in the login session queue aremanaged based on the user's login permission settings. In oneembodiment, for example, Han Mei's login permission settings specifythat only certain IP addresses from the office and home are permitted.When Han Mei's UID is detected to have been used to log in from adifferent IP address, the login session is deleted, forcing theillegitimate user offline, thereby enabling Han Mei to have control overlogins from the different IP address, and avoiding any login securityissues.

FIG. 4B provides a flow diagram illustrating an implementation inaccordance with step 402 in the embodiment as shown in FIG. 4A, whereinstep 402 may comprise steps 411 and 412 of FIG. 4B.

In step 411 of FIG. 4B, each currently active login session in the loginsession queue is identified. In step 412, each currently active loginsession that is permitted by the user's login permission settings iskept and each currently active login session that is not permitted bythe user's login permission settings is deleted.

For example, there are 3 SIDs respectively for home, office and schoolin Han Mei's current login session queue. Since Han Mei has presetpermission for simultaneous logins in the office and at home, the loginsessions corresponding to the home IP address and office IP address arepermitted to log in, but the SID corresponding to the school will bedeleted from the login session queue, denying Han Mei's UID login atschool, or preventing Han Mei's child Li Lei from logging into the AAAportal site with Han Mei's UID. Han Mei sets the school IP address asunpermitted, thus, when it is detected that the school IP address isrecorded in the login session queue, the SID of login at the school IPaddress will be deleted, so that Li Lei's school login status is deletedand Li Lei is forced offline. Thus, the login session associated with LiLei logging in to the AAA portal site through the school IP address canbe within Han Mei's control and Han Mei's management of her login statusis improved.

In accordance with at least one embodiment, the login permission can beset according to login media (e.g., a PC, a mobile phone, a tablet,etc.), IP address, time and browser information (e.g., browser name,version number, etc.) corresponding to the UIDs recorded in the loginsession queue, thereby personalizing login permission settings accordingto the preset login permission settings, improving the flexibility inmanaging the user's login status.

FIG. 5 provides a scene graph of a user's login session managementaccording to an exemplary embodiment of the present disclosure. Theexemplary embodiment of FIG. 5 comprises steps 501-512.

In step 501, a user logs in with a UID via a login medium. In addition,having successfully logged in, the user can be directed to correspondingtransactions. In order to highlight the object of the presentdisclosure, the embodiments of the present disclosure do not describethese corresponding transactions in detail.

In step 502, an SID is created for the user's login. In step 503, thesession cache list is queried using the user's UID. In step 504, adetermination is made whether there is any existing login session queuecorresponding to the UID in the session cache list. If it is determined,in step 504, that a login session queue corresponding to the UID existsin the session cache list, execution proceeds to step 505. If it isdetermined, in step 504, that a login session queue corresponding to theUID does not exist in the session cache list, execution proceeds to step508.

In step 505, the login session queue corresponding to the UID isobtained from the cache list. In step 506, a determination is madewhether the size of the login session queue exceeds a predeterminedthreshold. If the size of the login session queue exceeds apredetermined threshold, executing proceeds to step 507. Otherwise,execution proceeds to step 508.

In step 507, each invalid login session in the login session queue isidentified. In step 510, each invalid login session identified in step507 is deleted from the login session queue and stored in the firstdatabase. Processing ends.

In step 508, a new login session corresponding to the UID is created andstored in the cache list. In step 509, a determination is made whetherthe storage duration of any SID in the login session queue exceeds thepredetermined storage cycle. Each SID with an associated storageduration exceeding the storage cycle period is stored in the firstdatabase and each SID with an associated storage during not exceedingthe storage cycle is stored in the second database. Processing ends.

In step 511, each currently-active login session is retrieved from thesecond database when the user is detected as performing a passwordchange operation. In step 512, the currently-active login sessionsretrieved from the second database are managed. Any login sessions thatare not permitted by the user's login permission settings are deleted.

By managing the user SIDs as described above and in the B/S mode, theuser can obtain all login status for a given UID on all login media(e.g., a PC, a mobile phone) through the login session queue, includingthe active and invalid logins. Moreover, in the B/S mode, according tothe embodiments of the present disclosure, a plurality of simultaneouslogins with the same UID via the same login medium (e.g., a PC) can beachieved by managing the login permission settings; or, only one loginwith the same UID via the same login medium may be permitted, while allother logins via other media are forced offline. Embodiments of thepresent disclosure also enable the login via the current login medium toremain valid while forcing the logins via other login media offline whenthe user is detected to be performing a password change.

Corresponding to the above method for managing user login sessions, thepresent disclosure also discloses a schematic view of the structure of aserver in accordance with an exemplary embodiment of the disclosure,shown in FIG. 6. In terms of hardware, the server comprises a processor,an internal bus, a network interface, a memory and a nonvolatile memory.The server may include other hardware. The processor reads thecorresponding computer program from the nonvolatile memory into thememory and then runs the program, and thus logically forms a device formanaging user login sessions. In addition to a software implementation,it is natural that the present disclosure does not exclude other meansof implementation, such as a logic device or a combination of softwareand hardware. In other words, rather than being limited to therespective logic units, the subject of the following processes can alsobe hardware or a logic device, for example.

FIG. 7 provides an illustration of a schematic view of the structure ofa device for managing user login sessions in accordance with oneexemplary embodiment of the disclosure. In a software implementation,the device for managing the login sessions can comprise a query module71, a managing module 72 and a first storage module 73.

The query module 71 queries, using the UID and after the user hassuccessfully logged in with the UID via a login medium, whether there isany existing login session queue corresponding to the UID in the sessioncache list. The managing module 72 manages the user login status throughthe login session queue if the query module 71 detects that there is anexisting login session queue. The first storage module 73 stores the SIDcorresponding to the new login in the session cache list in the form ofa login session queue if the query module 71 detects that there is noexisting login session queue.

FIG. 8 provides an example of a schematic view of the structure of adevice for managing user login sessions according to another exemplaryembodiment of the present disclosure. In the exemplary embodiments shownin FIG. 8, the device shown in FIG. 7 can further comprise a creationmodule 74, which is used to create an SID for this login for the user,an establishment module 75, which is used to establish the mappingrelationship between the UID and the SID is created by the creationmodule 74. The mapping relationship is established by the establishmentmodule 75 for the query module 71, to query, according to the UID, thelogin session queue in the session cache list.

In one embodiment, the managing module 72 can comprise a firstdetermination unit 721, a second determination unit 722 and a storageunit 723.

The first determination unit 721 determines whether the size of thelogin session queue detected by the query module 71 exceeds thepredetermined threshold. The second determination unit 722 identifiesany invalid login sessions in the login session queue and deletes anyinvalid login session(s) from the login session queue, if the firstdetermination unit 721 determines that the login session queue's sizeexceeds the predetermined threshold. The storage unit 723 stores the SIDcorresponding to the new login in the login session queue, if the firstdetermination unit 721 determines that the size of the login sessionqueue does not exceed the predetermined threshold.

In one embodiment, the device can further comprises a second storagemodule 76 to store the invalid login session identified by the seconddetermination unit 722 in the first database.

FIG. 9 provides an example of a schematic view of a structure of adevice for managing user login sessions in accordance with yet anotherexemplary embodiment of the present disclosure. Based on the embodimentof FIG. 9, the managing module 72 shown in FIG. 7 can comprise a thirddetermination unit 724, a fourth determination unit 725 and a deletionunit 726.

The third determination unit 724 determines whether the storage durationof each login SID in the login session queue detected by the first querymodule exceeds the predetermined storage cycle. The fourth determinationunit 725 identifies each SID (determined by the third determination unit724) having a storage duration exceeding the predetermined storage cyclein the login session queue as an invalid login session in the loginsession queue. The deletion unit 726 deletes each invalid login sessionidentified by the fourth determination unit 725 from the login sessionqueue.

In one embodiment, the device can further comprise a third storagemodule 77 to store, in the first database, each invalid login sessiondeleted by the deletion unit 726.

In one embodiment, the device can further comprise a first determinationmodule 78 to determine each SID (detected by the query module 71) havinga storage duration not exceeding the predetermined storage cycle in thelogin session queue as an active SID, and a fourth storage module 79 tostore each active SID determined by the first determination module 78 inthe second database.

FIG. 10 provides an example of a schematic view of the structure of adevice for managing user login sessions in accordance with yet anotherexemplary embodiment of the present disclosure. Based on the embodimentof FIG. 10, the managing module 72 shown in FIG. 7 can comprise a fifthdetermination unit 726 to determine the user's login permission settingsafter detecting that the user is performing a password change via thecurrent login medium, and a managing unit 727 to manage thecurrently-active login sessions in the login session queue according tothe login permission settings determined by the fifth determination unit726.

In one embodiment, the managing module 727 can comprise a determinationsubunit 7271 to determine the currently-active login sessions in thelogin session queue, and a managing subunit 7272, to keep the permittedSID in the login session queue and delete the unpermitted SID inaccordance with the login permission settings determined bydetermination subunit 7271.

It is thus clear from the above embodiments that the embodiments of thepresent disclosure can realize security management of the login sessionsbased on the Browser/Server mode with various major websites, enabling alegitimate user to effectively manage, using a login session queuecorresponding with a UID, the status of login sessions created using theUID, and preventing the login sessions created by logging in with thesame UID from being beyond the legitimate user's control, thus avoidinglogin security issues. Additionally, the storage space of the sessioncache list occupied by the invalid login session(s) can be reduced bypromptly deleting the invalid login session(s).

Upon reviewing the Description and implementing the present disclosuredisclosed herein, other embodiments of the present disclosure may becomeapparent to those skilled in the art. The present disclosure intends toinclude all the variations, uses or adaptable variations that accordwith the general principles of the present disclosure and include commonknowledge or conventional technique in the art not disclosed by thepresent disclosure. The Description and embodiments are only exemplary,and the veritable scope and spirit of the present disclosure arespecified in the Claims hereinafter.

It shall be understood that the terms “comprise”, “include” or any othervariations thereof are intended to mean inclusiveness without exclusion,and thus a process, method, commodity or device including a series ofelements comprises not only the listed elements, but also other elementswhich are not expressly listed, or it also comprises the inherentelements that the process, method, commodity or device hereof has.Without further specification, the expression “comprising a . . . ” doesnot indicate that only the element that the subject comprises ispresent; other like elements, such as processes, methods, commodities ordevices, may also be present.

All the foregoing embodiments are only the preferred embodiments of thepresent disclosure, which shall not be used to limit this Application.Any modification, equivalent replacement or modification within thespirit and principle of the present disclosure shall be within the scopeof the present application.

1. A method comprising: querying, using a server computing device and auser ID, to detect whether a login session queue corresponding to theuser ID exists in a session cache list, the querying being performedafter a successful login of the user with the user ID via a loginmedium; managing, using the server computing device, the user's loginstatus through the login session queue, if the querying detects that thelogin session queue corresponding to the user ID exists in the sessioncache list; and storing, using the server computing device, a session IDin a login session queue corresponding to the UID in the session cachelist if the querying detects an absence of the login session queuecorresponding to the user ID in the session cache list.
 2. The method ofclaim 1, further comprising: creating a session ID in response to theuser's login; and establishing a mapping relationship between the userID and the session ID.
 3. The method of claim 1, managing the user loginstatus through the login session queue further comprising: determining,using the server computing device, whether a size of the login sessionqueue exceeds a predetermined threshold; determining, using the servercomputing device, whether each login session in the login session queueis an invalid login session in the login session queue, deleting eachlogin session determined to be an invalid login session from the loginsession queue, and storing each invalid login session deleted from thelogin session queue in a first database, if the size of the loginsession queue is determined to exceed the predetermined threshold; andstoring, using the server computing device, the session ID correspondingto the user's login in the login session queue, if the size of the loginsession queue is determined not to exceed the predetermined threshold.4. The method of claim 3, managing the user login status through thelogin session queue further comprising: determining, using the servercomputing device, the user's login permission settings after detectingthat the user is performing a password change via a current loginmedium; and managing each currently-active session ID in the loginsession queue in accordance with the login permission settings,comprising: determining, using the server computing device and for eachcurrently-active session ID in the login session queue, whether thecurrently-active session ID is a permitted session ID in accordance withthe login permission settings; keeping, using the server computingdevice, the currently-active session that is identified as permitted inthe login session queue, and deleting, from the login session queue,each currently-active session ID identified as unpermitted.
 5. Themethod of claim 1, managing the user login status through the loginsession queue further comprising: determining, using the servercomputing device and for each session ID, whether a storage duration ofa login session corresponding to the session ID in the login sessionqueue exceeds a predetermined storage cycle; determining, using theserver computing device and for each session ID, that the correspondinglogin session is an invalid login session in the login session queue ifthe storage duration exceeds the predetermined storage cycle; anddeleting, using the server computing device and for each invalid loginsession, the invalid login session from the login session queue andstoring the invalid login session in a first database.
 6. The method ofclaim 5, further comprising: determining, using the server computingdevice, each session ID in the login session queue having a storageduration not exceeding the predetermined storage cycle as an activesession ID in the login session queue; and storing each determinedactive session ID in a second database.
 7. The method of claim 5,managing the user login status through the login session queue furthercomprising: determining, using the server computing device, the user'slogin permission settings after detecting that the user is performing apassword change via a current login medium; and managing eachcurrently-active session ID in the login session queue in accordancewith the login permission settings, comprising: determining, using theserver computing device and for each currently-active session ID in thelogin session queue, whether the currently-active session ID is apermitted session ID in accordance with the login permission settings;keeping, using the server computing device, the currently-active sessionthat is identified as permitted in the login session queue, anddeleting, from the login session queue, each currently-active session IDidentified as unpermitted.
 8. The method of claim 1, managing the userlogin status through the login session queue further comprising:determining, using the server computing device, the user's loginpermission settings after detecting that the user is performing apassword change via a current login medium; and managing eachcurrently-active session ID in the login session queue in accordancewith the login permission settings.
 9. The method of claim 8, managingeach currently-active session ID in the login session queue according tothe login permission settings further comprising: determining, using theserver computing device and for each currently-active session ID in thelogin session queue, whether the currently-active session ID is apermitted session ID in accordance with the login permission settings;keeping, using the server computing device, the currently-active sessionthat is identified as permitted in the login session queue, anddeleting, from the login session queue, each currently-active session IDidentified as unpermitted.
 10. A server computing device comprising: aquery module querying, using a user ID, to detect whether a loginsession queue corresponding to the user ID exists in a session cachelist, the querying being performed after a successful login of the userwith the user ID via a login medium; a managing module managing theuser's login status through the login session queue, if the query moduledetects that the login session queue corresponding to the user ID existsin the session cache list; and a first storage module storing a sessionID in a login session queue corresponding to the UID in the sessioncache list if the query module detects an absence of the login sessionqueue corresponding to the user ID in the session cache list.
 11. Thedevice of claim 10, further comprising: a creation module creating asession ID in response to the user's login; and a mapping moduleestablishing a mapping relationship between the user ID and the sessionID created by the creation module.
 12. The device of claim 10, themanaging module further comprising: a first determination unitdetermining whether a size of the login session queue exceeds apredetermined threshold; a second determination unit determining whethereach login session in the login session queue is an invalid loginsession in the login session queue and deleting each login sessiondetermined to be an invalid login session from the login session queue,if the size of the login session queue is determined to exceed thepredetermined threshold; a storage unit storing the session IDcorresponding to the user's login in the login session queue, if thesize of the login session queue is determined not to exceed thepredetermined threshold; and a second storage module storing, in a firstdatabase, each invalid login session identified by the seconddetermination unit.
 13. The device of claim 12, the managing modulefurther comprising: a fifth determination unit determining the user'slogin permission settings after detecting that the user is performing apassword change via a current login medium; and a managing unit managingeach currently-active session ID in the login session queue according tothe login permission settings in accordance with the login permissionsettings determined by the fifth determination unit, the managing unitfurther comprising: a determination subunit determining, for eachcurrently-active session ID in the login session queue, whether thecurrently-active session ID is a permitted session ID in accordance withthe login permission settings; and a managing subunit keeping eachcurrently-active session ID that is identified by the determinationsubunit to be permitted in the login session queue, and deleting, fromthe login session queue, each currently-active session ID that isidentified by the determination subunit to be unpermitted.
 14. Thedevice of claim 10, the managing module further comprising: a thirddetermination unit determining, for each session ID, whether a storageduration of a login session corresponding to the session ID in the loginsession queue exceeds a predetermined storage cycle; a fourthdetermination unit determining, for each session ID, that thecorresponding login session is an invalid login session in the loginsession queue, if the login session's storage duration determined by thethird determination unit exceeds the predetermined storage cycle; adeletion unit deleting each invalid login session identified by thefourth determination unit from the login session queue; and a thirdstorage module storing each invalid login session deleted from the loginsession queue by the deletion unit in a first database.
 15. The deviceof claim 14, further comprising: a determination module determining eachsession ID in the login session queue having a storage duration notexceeding the predetermined storage cycle as an active session ID in thelogin session queue; and a fourth storage module storing each determinedactive session ID in a second database.
 16. The device of claim 14, themanaging module further comprising: a fifth determination unitdetermining the user's login permission settings after detecting thatthe user is performing a password change via a current login medium; anda managing unit managing each currently-active session ID in the loginsession queue according to the login permission settings in accordancewith the login permission settings determined by the fifth determinationunit, the managing unit further comprising: a determination subunitdetermining, for each currently-active session ID in the login sessionqueue, whether the currently-active session ID is a permitted session IDin accordance with the login permission settings; and a managing subunitkeeping each currently-active session ID that is identified by thedetermination subunit to be permitted in the login session queue, anddeleting, from the login session queue, each currently-active session IDthat is identified by the determination subunit to be unpermitted. 17.The device of claim 10, the managing module further comprising: a fifthdetermination unit determining the user's login permission settingsafter detecting that the user is performing a password change via acurrent login medium; and a managing unit managing each currently-activesession ID in the login session queue according to the login permissionsettings in accordance with the login permission settings determined bythe fifth determination unit.
 18. The device of claim 17, the managingunit further comprising: a determination subunit determining, for eachcurrently-active session ID in the login session queue, whether thecurrently-active session ID is a permitted session ID in accordance withthe login permission settings; and a managing subunit keeping eachcurrently-active session ID that is identified by the determinationsubunit to be permitted in the login session queue, and deleting, fromthe login session queue, each currently-active session ID that isidentified by the determination subunit to be unpermitted.
 19. A server,comprising: a processor; and a storage medium for tangibly storingthereon program logic for execution by the processor, the stored programlogic comprising: querying logic executed by the processor for querying,using a user ID, to detect whether a login session queue correspondingto the user ID exists in a session cache list, the querying beingperformed after a successful login of the user with the user ID via alogin medium; managing logic executed by the processor for managing theuser's login status through the login session queue, if the queryingdetects that the login session queue corresponding to the user ID existsin the session cache list; and storing logic executed by the processorfor storing a session ID in a login session queue corresponding to theUID in the session cache list if the querying detects an absence of thelogin session queue corresponding to the user ID in the session cachelist.